The computer virus dubbed Nimda was quickly spreading across the world's computer networks, security officials said on Wednesday.
Trend Micro, a computer security firm, said more than 15,000 European company networks have been infected by the virus, which also hit networks in the United States and Japan.
"Its a pretty vicious attack," said Trend Micro vice president Raimond Genes. "It combines the worst of the latest viruses to deliver a powerful punch."
Tuesday, US Attorney General John Ashcroft said the virus could end up being worse than the Code Red virus that ripped through more than a quarter million computer systems in mid-July.
"The scanning activity thus far indicates that this could be heavier than the July activity with Code Red," he said during a press conference. Ashcroft said the virus is unrelated to last week's terrorist attacks on the US.
The bug has been found in Web site for Japan's agriculture, forestry and fisheries ministries. It has also been discovered in the computers at Yamanashi Gakuin University and in some 60 other various Web sites in the country.
Computer security officials are saying some 130,000 Internet sites in the US are being hit with the virus.
While the virus is closing down individual sites, it is not affecting the Internet as a whole, said California-based Keynote Systems, which monitors Internet performance.
"There's been no overall system degradation from Nimba," said Keynote spokeswoman Mary Lindsay.
The Code Red worm infected 250,000 systems in the United States in just nine hours in mid-July. A worm is a software infection that can replicate itself from one system to another.
The virus is called W32.nimda or W32.minda, said a statement by the Computer Emergency Response Team (CERT) coordination center at Carnegie Mellon University.
It spreads through e-mail attachments and through vulnerable Internet Information Server (IIS) servers.
People can also infect their computers simply by accessing an infected Internet page that contains altered web pages containing javascript, the CERT said.
"User machines that are infected by this virus might see an increase in scanning as the virus tries to compromise IIS servers," it said in the statement.
"Many sites are experiencing high loads of e-mail and network traffic as a result of this activity."
The Nimda worm would typically be sent as an e-mail without a subject line, which looks like an empty e-mail on vulnerable versions of Microsoft's Outlook e-mail program, said Vincent Weafer, senior director at software group Symantec's Security Response team.
With some other e-mail programs, it would appear to be an empty e-mail with an attachment.
The new worm can also spread by searching for devices that are shared over the network and moving through them to new hosts.
In a third method, however, it could be transmitted to people simply scanning the Internet.
(People’s Daily 09/21/2001)
